CVE Research
TOCTOU Privilege Escalation in Balena Etcher
Balena Etcher versions prior to v2.1.4 on Windows are affected by a Time-of-Check to Time-of-Use (TOCTOU) race condition in their temporary-file handling. A medium-integrity process can modify the auto-generated .cmd script after it has been written but before it is executed with elevated privileges via UAC, leading to privilege escalation to high integrity.
Stored Cross-Site Scripting (XSS) in Mealie Application
Mealie versions up to 3.0.1 are affected by a Stored XSS vulnerability in the recipe creation functionality. The issue arises from insufficient sanitization of the "note" and "text" fields, which allows injected JavaScript to be stored with the recipe and executed whenever the recipe is viewed.
Artifex Ghostscript PDF Password Leakage Vulnerability
A vulnerability in Artifex Ghostscript before version 10.05.1 causes the plaintext passwords used to protect PDF files to be embedded in the output. The issue is due to a lack of argument sanitization in gs_lib_ctx_stash_sanitized_arg for the # case, allowing the password to be extracted from the output with simple tools.